On Thu, 12 Sep 2024 09:21:07 +0200 Hanno Böck <[email protected]> wrote:
> But there's a larger question whether there even is a reliable "source > of truth" for whois servers. Does IANA make any guarantees that the > whois servers they advertise are operational, and under control of the > respective TLD authority? To answer myself: It appears multiple whois servers listed by IANA are not operational. This is true for the following TLDs: cf ci dz ec gn gp hm iq ml na sb tk to uy xn--lgbbat1ad8j xn--mgbtx2b xn--ygbi2ammx It therefore strongly appears to me that there is currently no reliable data source for whois servers, and therefore, it is unclear how domain validation via whois can be implemented securely. -- Hanno Böck - Independent security researcher https://itsec.hboeck.de/ https://badkeys.info/ -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/20240912102457.0d87c028%40computer.
